In the mobile app world, when hackers want access to personal information, they need simply ask.
This is one of several key findings Symantec Corp. released today as part of the company’s “Mobile App Security” study. Conducted during a two-week period in October, the study surveyed more than 6,000 smartphone users in Canada and the U.S., as well as other regions such as Australia, Brazil, Germany, Italy, Spain, Japan, and the U.K. The study found that many are willing to forego privacy in exchange for free entertainment.
There’s a disconnect between how people understand physical and digital privacy, according to James Nguyen, product manager of mobile applications at Symantec. He cited one example where someone who may not want to take a personal document on the road – such as a birth certificate – would instead take a picture of it, and will have granted apps permission to access photos on their device.
“You would never let anybody go through your front door, go directly into your house and try to find this information, but in app form, you’re willing to download it, they have to ask you for it, and you don’t think twice about hitting ‘next’,” said Nguyen.
Symantec is hoping to change this by leveraging its Norton Mobile Security platform to help question the necessity of app permissions, and analyse app behaviour in real time. The company has implemented what it calls the “App Advisor” functionality to pre-emptively scan apps for privacy issues and alert users prior to the download process or, once downloaded, block intrusive behaviour, battery drain, data usage, spam and phishing attempts.
The new feature to Norton Mobile Security builds upon Norton Mobile Insight, a database of millions of apps that Symantec has analysed across 200 app stores to determine potential security risks.
“When you download an app, the term ‘free’ rarely comes without a cost,” Nguyen told CDN, adding that for developers, especially small ones who can’t monetize their apps, collecting and selling personal information often becomes their only means of income.
According to the survey, those worried about getting a virus or malware are also more willing to allow free apps to access sensitive device functions and personal information, while 94 per cent of consumers were not worried about fitness and health data being shared, which can be used to build individual profiles.
Canadians are also 10 per cent more likely than the global average to play games on their smartphones, which Symantec identified as at highest risk for privacy breaches.
“Most people say they do care about security, privacy leakage, in actuality what we’re seeing is that … people are really willing to allow collection of their information,” said Nguyen.
Despite certain developers – including Facebook for its Messenger app – coming under fire recently for increasingly ubiquitous data collection, and while services like Google Play becoming more transparent in displaying permission requests, Nguyen says that there needs to be more awareness about the implications of hitting ‘Ok’ for big and small apps alike.
“It’s good for users to sit there and think for minute and say ‘hey, is it really necessary for those apps to get this information and worth the trade off?” Nguyen said. “That’s a healthy question to ask.”